How do I fix the type error of a kustomize path replace json patch?

Question

I'm trying to replace CORS policy URL between my cluster overlays. My base VS is as follows, but I run into an error I don't understand.

  - path: vs-patch.yaml
    target:
      group: networking.istio.io
      version: v1beta1
      kind: VirtualService
      name: test-vs

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: test-vs
spec:
  gateways:
   - istio-ingress/gw
  hosts: 
    - test

  http:
  - name: primary
    retries:
      attempts: 3
      perTryTimeout: 100s
      retryOn: gateway-error,connect-failure,refused-stream
    route:    
    - destination:       
        host: test-stable   
        port:
          number: 80
      weight: 100
      headers:
        response:
          set:
           Strict-Transport-Security: max-age=31536000; includeSubDomains
           Cache-Control: "no-store, private"
           X-Frame-Options: 'DENY'
           X-Content-type-Options: 'nosniff'
           X-XSS-Protection: '1; mode=block'
           Content-Security-Policy: "default-src 'self' https: ws: data: 'unsafe-inline' ; frame-ancestors 'none';"
           istioVs: "test-service"

          remove:
          - x-envoy-upstream-service-time
          - server
          - Pragma
    # Our second destination matches the second service in our "service.yaml"   
    - destination:       
        host: test-canary
        port:
          number: 80
      weight: 0
      headers:
        response:
          set:
           Strict-Transport-Security: max-age=31536000; includeSubDomains
           Cache-Control: "no-store, private"
           X-Frame-Options: 'DENY'
           X-Content-type-Options: 'nosniff'
           X-XSS-Protection: '1; mode=block'
           Content-Security-Policy: "default-src 'self' https: ws: data: 'unsafe-inline' ; frame-ancestors 'none';"
          remove:
          - x-envoy-upstream-service-time
          - server
          - Pragma

    corsPolicy:
      allowOrigins:
        - regex: (https://)(.*)(example.com)
      allowMethods:
      - POST
      - GET
      - OPTIONS
      allowCredentials: true
      allowHeaders:
        - accept
        - authorization
        - content-type
        - x-correlation-id
      maxAge: "24h"

- op: replace
  path: /spec/http/0/corsPolicy
  value: |
    allowOrigins:
     - regex: (https://)(.*)(example2.com)

I get an error: for: "apps/app/test/overlays/cluster1": error when patching "apps/app/test/overlays/cluster1": VirtualService.networking.istio.io "test-vs" is invalid: spec.http[0].corsPolicy: Invalid value: "string": spec.http[0].corsPolicy in body must be of type object: "string"

What is the correct Kustomize path and value?

value: | value:

I tried pulling in the entire directive, but really I just need the array to add regex.